[OAUTH-WG] Google’s Experimental OAuth-WRAP support
Eric Sachs <esachs@google.com> Mon, 17 May 2010 17:11 UTC
Return-Path: <esachs@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CDD233A6A9D for <oauth@core3.amsl.com>; Mon, 17 May 2010 10:11:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.952
X-Spam-Level:
X-Spam-Status: No, score=-98.952 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FM_FORGED_GMAIL=0.622, HTML_FONT_LOW_CONTRAST=0.124, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VDPC+GIi7+te for <oauth@core3.amsl.com>; Mon, 17 May 2010 10:11:26 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id 373B13A6A91 for <oauth@ietf.org>; Mon, 17 May 2010 10:11:03 -0700 (PDT)
Received: from kpbe15.cbf.corp.google.com (kpbe15.cbf.corp.google.com [172.25.105.79]) by smtp-out.google.com with ESMTP id o4HHAmLT011350 for <oauth@ietf.org>; Mon, 17 May 2010 10:10:49 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1274116249; bh=6CQmik96YRPMX9YsKwFdlvJovlM=; h=MIME-Version:Date:Message-ID:Subject:From:To:Content-Type; b=VMgNdyVDIJav5zaXcaZTpns8BKjNNAa0D2Uh+IRsV/626TiQSD6VdGYgN/Sa6Zg92 TRlqMut54H7dUZtM9w83A==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:date:message-id:subject:from:to:content-type:x-system-of-record; b=nKsbybUGaeKReSvOuqurKCsFmtaaRrU1yPZMvG+9bSwO91dgBCGliplx4AN99MNYR Irnehm/BU95CezBNFoIcQ==
Received: from qyk32 (qyk32.prod.google.com [10.241.83.160]) by kpbe15.cbf.corp.google.com with ESMTP id o4HHAA43003651 for <oauth@ietf.org>; Mon, 17 May 2010 10:10:47 -0700
Received: by qyk32 with SMTP id 32so697793qyk.0 for <oauth@ietf.org>; Mon, 17 May 2010 10:10:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.224.72.143 with SMTP id m15mr2981237qaj.231.1274116246995; Mon, 17 May 2010 10:10:46 -0700 (PDT)
Received: by 10.229.78.152 with HTTP; Mon, 17 May 2010 10:10:46 -0700 (PDT)
Date: Mon, 17 May 2010 10:10:46 -0700
Message-ID: <AANLkTik-naPkTqOViLgRFW5LFghwPsSEgRTWbHfkC0ml@mail.gmail.com>
From: Eric Sachs <esachs@google.com>
To: oauth-wrap-wg@googlegroups.com, OAuth WG <oauth@ietf.org>, oauth@googlegroups.com, oauth-sasl-xmpp <oauth-sasl-xmpp@google.com>
Content-Type: multipart/alternative; boundary="00c09f88cfaf4e04640486cd4eea"
X-System-Of-Record: true
Subject: [OAUTH-WG] Google’s Experimental OAuth-WRAP support
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 May 2010 17:11:28 -0000
Google currently supports the use of the OAuth1.0/1.0a and OpenID/OAuth Hybrid protocols for accessing Google APIs (see documentation<http://code.google.com/apis/accounts/>). Google is committed to providing support for OAuth2<http://www.google.com/url?q=http%3A%2F%2Fwiki.oauth.net%2FOAuth-2&sa=D&sntz=1&usg=AFQjCNHM6Pduh__AaGWa0f2IWYlrYFK-8Q>in the future. As a milestone towards that goal, Google has implemented support for the OAuth-WRAP<http://www.google.com/url?q=http%3A%2F%2Fwiki.oauth.net%2FOAuth-WRAP&sa=D&sntz=1&usg=AFQjCNHjecqdM82DH202s--ZaYBkf9rVMg>protocol which was a big influence on the design of OAuth2. You can find documentation at this site: https://sites.google.com/site/oauthgoog/Home/oauth-wrap-support While Google does not plan to formally announce our OAuth-WRAP support, we are making it available on an experimental basis to show our progress towards support for OAuth2. Since OAuth-WRAP and OAuth2 share many of the same design characteristics, we are also hoping that some developers will leverage our experimental support to build prototypes of new types of applications that were very hard to create using OAuth1, but which are much easier on OAuth-WRAP and OAuth2. Eric Sachs Product Manager, Google